Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types — Vulnerabilities & Security Advisories 21

All 21 CVE vulnerabilities found in Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types, with AI-generated Chinese analysis, references, and POCs.

Vendor: wickedplugins

CVE IDTitleCVSSSeverityPublished
CVE-2026-1883 Wicked Folders <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion CWE-639 4.3 Medium2026-03-15
CVE-2023-0729 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_sort_order CWE-352 5.4 Medium2023-06-09
CVE-2023-0726 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_edit_folder CWE-352 5.4 Medium2023-02-08
CVE-2023-0722 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_state CWE-352 5.4 Medium2023-02-08
CVE-2023-0684 Wicked Folders <= 2.18.16 - Missing Authorization via ajax_unassign_folders CWE-862 5.4 Medium2023-02-08
CVE-2023-0715 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder CWE-862 5.4 Medium2023-02-08
CVE-2023-0711 Wicked Folders <= 2.18.16 - Missing Authorization via ajax_save_state CWE-862 5.4 Medium2023-02-08
CVE-2023-0717 Wicked Folders <= 2.18.16 - Missing Authorization via ajax_delete_folder CWE-862 5.4 Medium2023-02-08
CVE-2023-0725 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_clone_folder CWE-352 5.4 Medium2023-02-08
CVE-2023-0724 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_add_folder CWE-352 5.4 Medium2023-02-08
CVE-2023-0685 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_unassign_folders CWE-352 5.4 Medium2023-02-08
CVE-2023-0720 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder_order CWE-862 5.4 Medium2023-02-08
CVE-2023-0716 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_edit_folder CWE-862 5.4 Medium2023-02-08
CVE-2023-0718 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder CWE-862 5.4 Medium2023-02-07
CVE-2023-0723 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_move_object CWE-352 5.4 Medium2023-02-07
CVE-2023-0712 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_move_object CWE-862 5.4 Medium2023-02-07
CVE-2023-0719 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_sort_order CWE-862 5.4 Medium2023-02-07
CVE-2023-0730 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_folder_order CWE-352 5.4 Medium2023-02-07
CVE-2023-0727 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_delete_folder CWE-352 5.4 Medium2023-02-07
CVE-2023-0713 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_add_folder CWE-862 5.4 Medium2023-02-07
CVE-2023-0728 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_save_folder CWE-352 5.4 Medium2023-02-07

All 21 known CVE vulnerabilities affecting Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types with full Chinese analysis, references, and POCs where available.